[Git][security-tracker-team/security-tracker][master] Update status for CVE-2016-7965

Salvatore Bonaccorso carnil at debian.org
Thu Sep 20 19:38:22 BST 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c5fddd1 by Salvatore Bonaccorso at 2018-09-20T18:36:55Z
Update status for CVE-2016-7965

Upstream considers this not a vulnerability and the issue itself can be
adressed by properly configure dokuwiki as per
https://github.com/splitbrain/dokuwiki/issues/1709 . As such enought to
demote severity to unimportant.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -103096,10 +103096,10 @@ CVE-2016-7966 (Through a malicious URL that contained a quote character it was .
 	- kcoreaddons 5.26.0-3 (bug #840547)
 	NOTE: https://www.kde.org/info/security/advisory-20161006-1.txt
 CVE-2016-7965 (DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...)
-	- dokuwiki <unfixed> (bug #844732)
-	[jessie] - dokuwiki <no-dsa> (Minor issue)
-	[wheezy] - dokuwiki <no-dsa> (Minor issue)
+	- dokuwiki <unfixed> (bug #844732; unimportant)
 	NOTE: https://github.com/splitbrain/dokuwiki/issues/1709
+	NOTE: Can be adresesd by properly configure dokuwiki as per
+	NOTE: https://github.com/splitbrain/dokuwiki/issues/1709#issuecomment-262337572
 CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...)
 	- dokuwiki <unfixed> (bug #844731)
 	[jessie] - dokuwiki <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c5fddd187688dcfc0faff169987eb69082e1bb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c5fddd187688dcfc0faff169987eb69082e1bb9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180920/68793855/attachment.html>


More information about the debian-security-tracker-commits mailing list